Comments on: PHP Security Exploit: MySQL as a Backdoor with Load Data Local Infile
http://marco-pivetta.com/php-exploit-mysql-backdoor-with-load-data-local-infile/
Web Development as seen by a Web Developer
Thu, 15 Jan 2015 20:27:07 +0000

By: ocramius http://marco-pivetta.com/php-exploit-mysql-backdoor-with-load-data-local-infile/#comment-56 Tue, 11 Oct 2011 09:53:35 +0000

Thank you for pointing it out… That shows yet another leak/exploit I did not think of when using MySQL.
Also, I have to warn users that these bugs are not only related to the LAMP stack, but to MySQL itself.
I forgot to tell that in the article as I was focusing on the “standard” environment I work on every day.
The problems with any FILE statement affect EVERY MySQL server, especially if its access is provided outside localhost.
This is a problem with MySQL itself. If you didn’t fix it and you’re not the only person to have access to your system: go fix it NOW!

By: Maarten van Leeuwen http://marco-pivetta.com/php-exploit-mysql-backdoor-with-load-data-local-infile/#comment-55 Tue, 11 Oct 2011 09:39:07 +0000

Things can even get worse. “LOAD DATA INFILE” requires the FILE privilege. That same privilege also controls “SELECT INTO OUTFILE”, which lets you write selected data to files. Through a combination of SQL injection and careless setting of file permissions, you might be able to select a literal string containing a PHP/shell script and write it to a file in the webroot. That would be an exploit that allows a hacker to execute arbitrary code on your server. Therefore my advice would be to disable FILE privileges on MySQL used on a webserver. If you still think you need ’em, think twice. If after that you still need them, create a special MySQL user and grant FILE permissions to that user only. Also make sure that your webserver’s webroot is read-only.
